Open
Description
Describe the bug
Whenever using the MCP inspector to test an OAuth 2.0 flow, several issues become evident:
- Dynamic Client Registration is enforced in the inspector (see issue "Dynamic client registration should be optional" #167 and the PR already raised against it). Private enterprises will not want to expose DCR in all cases, but rather work with clients already registered in another way (e.g. via API gateways that already handle client registration; of course it'll vary per organisation).
- Even with Dynamic Client Registration, the inspector sending a request to a 3rd party authorization server (example: Okta) on its DCR endpoint (https://developer.okta.com/docs/api/openapi/okta-oauth/oauth/tag/Client/) will lead to a CORS error. However, when testing with something like Claude, for example, the DCR request is sent successfully with no CORS errors.
To Reproduce
Steps to reproduce the behavior:
- Start the guided OAuth 2.0 flow
- Have your .well-known/oauth-authorization-server point to a 3rd party auth server (e.g. Okta/Auth0)
Expected behavior
No CORS error.
Logs
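
As background to the CORS error reported above, here is an added example (not code from the inspector or from this issue) that models, in simplified form, the preflight check a browser applies to a JSON registration POST. CORS is enforced only by browsers, so the same request sent from outside a browser never goes through this check. The origin, headers and both responses are constructed sample values, and the function names are hypothetical.

```javascript
// Simplified model of a browser's CORS preflight check (requests without credentials).
// Added example; every origin, header and response below is constructed.
const SAFE_METHODS = new Set(["GET", "HEAD", "POST"]);
const SAFE_TYPES = new Set(["application/x-www-form-urlencoded", "multipart/form-data", "text/plain"]);
const SAFE_HEADERS = new Set(["accept", "accept-language", "content-language"]);

const lower = (headers) =>
  Object.fromEntries(Object.entries(headers).map(([k, v]) => [k.toLowerCase(), String(v)]));
const list = (v) => (v || "").split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);

// Request headers that are not CORS-safelisted and so must be approved by the server.
function unsafeHeaders(req) {
  return Object.entries(lower(req.headers)).filter(([name, value]) => {
    if (name === "content-type") return !SAFE_TYPES.has(value.split(";")[0].trim().toLowerCase());
    return !SAFE_HEADERS.has(name);
  }).map(([name]) => name);
}

// A JSON registration body makes Content-Type unsafe, which forces an OPTIONS preflight.
function needsPreflight(req) {
  return !SAFE_METHODS.has(req.method) || unsafeHeaders(req).length > 0;
}

// Decide whether the preflight response lets the browser send the real request.
function checkPreflight(req, resp) {
  const h = lower(resp.headers);
  if (resp.status < 200 || resp.status > 299) return { allowed: false, reason: "preflight status is not 2xx" };
  const acao = h["access-control-allow-origin"];
  if (acao !== "*" && acao !== req.origin) return { allowed: false, reason: "origin not allowed" };
  const methods = list(h["access-control-allow-methods"]);
  if (!SAFE_METHODS.has(req.method) && !methods.includes(req.method.toLowerCase()) && !methods.includes("*"))
    return { allowed: false, reason: "method not allowed" };
  const allowed = list(h["access-control-allow-headers"]);
  for (const name of unsafeHeaders(req)) {
    // "*" never covers Authorization; it has to be listed by name.
    const ok = allowed.includes(name) || (allowed.includes("*") && name !== "authorization");
    if (!ok) return { allowed: false, reason: `header ${name} not allowed` };
  }
  return { allowed: true, reason: "ok" };
}

// Constructed DCR request as a browser-based client would send it, and two constructed responses.
const dcrRequest = { method: "POST", origin: "http://localhost:6274", headers: { "Content-Type": "application/json" } };
const noCorsHeaders = { status: 200, headers: {} };
const corsEnabled = { status: 204, headers: {
  "Access-Control-Allow-Origin": "http://localhost:6274",
  "Access-Control-Allow-Headers": "content-type" } };
console.log(needsPreflight(dcrRequest), checkPreflight(dcrRequest, noCorsHeaders), checkPreflight(dcrRequest, corsEnabled));
```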

